34a St Mary's Street, Stamford, Lincolnshire PE9 2DS

Privacy Policy

Your questions and concerns are important to us. Reach out today, and let our friendly team provide the support you need.

Introduction




Practice communication for all Patient Data in accordance with General Data Protection Regulations (GDPR)

St Mary’s Dental Practice is committed to protecting the privacy and security of your personal information.

This privacy notice describes how we collect and use personal information about patients during and after any treatment with us, in accordance with the General Data Protection Regulation (GDPR).

St Mary’s Dental Practice is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you as a patient. We are required under data protection legislation to notify you of the information contained in this privacy notice.

 

Scope of This Notice

This notice applies to current and former patients of St Mary’s Dental Practice. This notice does not form part of any contract to provide services. We may update this notice at any time.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information. A copy of the full GDPR Policy and Procedure is available for review at the Practice.

 

1. Data Protection Principles



We will comply with data protection law. This says that the personal information we hold about you must be:

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • Relevant to the purposes we have told you about and limited only to those purposes
  • Accurate and kept up to date
  • Kept only as long as necessary for the purposes we have told you about
  • Kept securely

 

2. Information We Hold About You


 

2.1 Types of Personal Data

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

There are “special categories” of more sensitive personal data which require a higher level of protection.

 

2.2 Categories of Data We Collect

We will collect, store, and use the following categories of patient data:

  • Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
  • Date of birth
  • Gender
  • Marital status and dependants
  • Next of kin and emergency contact information
  • National Insurance number
  • Bank account details
  • Registration date with St Mary’s Dental Practice
  • Information that the individual is or has been a patient of St Mary’s Dental Practice or has attended, cancelled or failed to attend an appointment on a certain day

This list is not exhaustive.

 

3. Data Collection and Usage


 

3.1 How We Collect Your Information

We collect personal information about patients:

  • Directly from you
  • From third parties

We will collect additional personal information in the course of marketing activities carried out by St Mary’s Dental Practice.

 

3.2 Legal Basis for Using Your Information

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

  • Where we need to perform the contract we have entered into with you
  • Where we need to comply with a legal obligation
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests

We may also use your personal information in the following situations, which are likely to be rare:

  • Where we need to protect your interests (or someone else’s interests)
  • Where it is needed in the public interest or for official purposes
  • Archiving your sensitive personal date data for use in the public interest, scientific interest, historical and statistical purposes

 

4. Sensitive Personal Information


 

4.1 Special Categories of Data

We will process the following categories of sensitive personal data:

  • Details regarding your personal identification such as your physical condition (including x-ray imaging, genetic and biometric data)
  • Information concerning your medical history, including physical and/or mental condition and your oral health or condition
  • Information about discussions undertaken and agreements reached on treatment options
  • Information about the treatment that is planned, is being undertaken or has been provided
  • Information about family members and personal circumstances supplied by you or others
  • Financial information including treatment costs, amounts paid, and outstanding payments

 

4.2 Consent Requirements

We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of health and safety law.

 

5. Data Sharing and Security


 

5.1 Third Party Recipients

We may share your information with:

  • Dental Plan Membership Administrator
  • Loss assessors
  • Insurance companies
  • Regulatory authorities (GDC, CQC)
  • Fraud prevention agencies
  • NHS Local Authorities
  • The British Dental Association (BDA)
  • Other entities within our group

 

5.2 Security Measures

We have implemented appropriate security measures to prevent your personal information from being:

  • Accidentally lost
  • Used or accessed in an unauthorised way
  • Altered or disclosed
 

6. Your Rights and Responsibilities 


 

6.1 Your Rights

You have the right to:

  • Request access to your personal information
  • Request correction of your personal information
  • Request erasure of your personal information
  • Object to processing of your personal information
  • Request restriction of processing your personal information
  • Request transfer of your personal information
  • Withdraw consent
 

6.2 Your Responsibilities

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

7. Data Retention



We will retain your personal information for:

  • A minimum of 11 years for adult patients
  • Until age 25 for children
  • Longer periods where required by law or professional guidelines

 

8. Contact Information


 

Data Protection Officer

We have appointed [DPO Name] as our Data Protection Officer. For questions about this privacy notice or how we handle your personal information, please contact the DPO.

 

Making a Complaint

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

 

9. Changes to This Privacy Notice


We reserve the right to update this privacy notice at any time. We will provide you with a new privacy notice when we make any substantial updates.

Last updated: February 2025